DevSecOps Engineer – Mission-Driven HealthTech Startup | Melbourne | Hybrid

We’re working with a cutting-edge HealthTech startup that’s transforming digital therapy through clinically-proven mobile solutions.

As they scale and move toward AI-powered personalisation, they’re now looking for a DevSecOps Engineer to bring structure, security, and speed to their growing product and engineering teams.

About the Role:

You’ll join a small, product-led team where you’ll work closely with the CTO and engineers to improve DevOps practices, uplift security standards, and help lay the foundation for regulatory due diligence.

What you’ll do:

• Own and develop the DevSecOps function by taking charge of security, reliability, and productivity across the engineering team
• Design, build, and maintain CI/CD pipelines (e.g., CircleCI, Github Actions, GitLab CI) to support a monorepo architecture and streamline mobile/backend deployments
• Drive cloud infrastructure improvements, primarily on GCP
• Introduce and manage IaC practices using Terraform
• Ensure compliance with SOC 2, HIPAA and other healthcare standards, including ownership of incident and risk registers
• Implement and manage security tooling (e.g., Vanta, Drata, or equivalent) to support audit readiness and data protection
• Embed security controls directly into CI/CD pipelines and automate compliance workflows
• Work with engineering teams to uplift secure coding and deployment practices
• Clearly articulate incident management processes and risk trade-offs to both technical and non-technical stakeholders, including company leadership
• Introduce automation, observability, and monitoring best practices to support a fast-paced, high-availability environment
• Collaborate with the CTO and leadership team on strategic initiatives, including AI adoption

What you Bring:

• Hands-on DevOps or DevSecOps experience
• Experience with GCP and cloud-native architectures
• Strong knowledge of CI/CD tooling (tool-agnostic) and modern development pipelines
• Experience integrating security into CI/CD workflows
• Familiarity with SOC 2, HIPAA, or other compliance frameworks
• Comfort with security/compliance tooling like Vanta, Drata, Wiz, etc.
• Ability to clearly communicate technical concepts to diverse stakeholders, including executives
• Comfortable operating in startup-style, high-autonomy environments
• You take initiative and solve problems without needing a detailed spec

What’s on Offer:

• Join a mission-driven startup in the health sector
• Help the team level up compliance and reliability in preparation for Series B
• Be the first dedicated DevSecOps Engineer with the autonomy to shape tools, process, and culture
• Get in early – equity is on the table